SAP has released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM).
The CISA warns admins to address the ICMAD flaw affecting SAP business apps using Internet Communication Manager (ICM). An unauthenticated remote attacker could exploit this issue by sending a simple HTTP request to a vulnerable instance and take over it. The flaw received a CVSSv3 score of 10.0.
The US agency warns that this issue could expose organizations to a broad range of attacks, including data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.
The ICMAD vulnerabilities are particularly critical because the issues exist by default in the SAP Internet Communication Manager (ICM). The ICM is one of the most important components of an SAP NetWeaver application server: It is present in most SAP products and is a critical part of the overall SAP technology stack, connecting SAP applications with the Internet.
Malicious actors can easily leverage the most critical vulnerability (CVSSv3 10.0) in unprotected systems; the exploit is simple, requires no previous authentication, no preconditions are necessary, and the payload can be sent through HTTP(S), the most widely used network service to access SAP applications
An open-source tool has been released , named onapsis icmad scanner to scan systems for ICMAD vulnerabilities. SAP is not aware of any customers networks compromised by exploiting the ICMAD vulnerabilities. It urged its customer to apply patches in time to protect from any kind of attackers interruptions